<?php
/**
 * 功能：登录管理
 * 说明：
 * 创建日期：2012-9-3
 * 更新日期：
 * 作者：Mirze
 * 补充说明： 
 * 
 */
class LoginAction extends Action
{
	/**  **/
	public function _empty()
	{
		$this->error('login action not found!');
	}

	//用户登录
	public function index()
	{
		if(!isset($_SESSION[C('USER_AUTH_KEY')])) {
			$this->display();
		}else{
			$this->redirect('Index/index');
		}
	}

	// 用户登出
    public function logout()
    {
        if(isset($_SESSION[C('USER_AUTH_KEY')])) {
			unset($_SESSION[C('USER_AUTH_KEY')]);
			unset($_SESSION);
			session_destroy();
            $this->assign("jumpUrl",__URL__.'/index/');
            $this->success('登出成功！');
        }else {
            $this->error('已经登出！');
        }
    }

	// 检查用户是否登录
	protected function checkUser() {
		if(!isset($_SESSION[C('USER_AUTH_KEY')])) {
			$this->assign('jumpUrl', 'Login/login');
			$this->error('没有登录');
		}
	}

	// 登录检测
	public function checkLogin() {
		$post['user_name'] = $this->_post('user_name','trim');
		$post['user_pwd'] = $this->_post('user_pwd','trim');
		$post['verify'] = $this->_post('verify');

		if(empty($post['user_name'])) {
			$this->error('帐号错误！');
		}elseif (empty($post['user_pwd'])){
			$this->error('密码必须！');
		}elseif (empty($post['verify'])){
			$this->error('验证码必须！');
		}

		$session['verify'] = $this->_session('verify');

		if($session['verify'] != md5($post['verify'])) {
			$this->error('验证码错误！');
		}

		//生成认证条件
		$map            =   array();
		// 支持使用绑定帐号登录
		$map['user_name']	= $post['user_name'];
		$map["status"]	=	array('gt',0);
		
		import ( 'class_rbac' );
		$authInfo = RBAC::authenticate($map);
		//使用用户名、密码和状态的方式进行认证
		if(false === $authInfo) {
			$this->error('帐号不存在或已禁用！');
		}else {
			if($authInfo['user_pwd'] != md5($post['user_pwd'])) {
				$this->error('密码错误！');
			}

			$_SESSION[C('USER_AUTH_KEY')]	=	$authInfo['id'];
			$_SESSION['email']	=	$authInfo['email'];
			$_SESSION['loginUserName']		=	$authInfo['real_name'];
			$_SESSION['lastLoginTime']		=	$authInfo['last_login_time'];
			$_SESSION['login_count']	=	$authInfo['login_count'];
			if($authInfo['user_name']=='admin') {
				$_SESSION['admin']		=	true;
			}
			//保存登录信息
			$User	=	M('User');
			$ip		=	get_client_ip();
			$time	=	time();
			$data = array();
			$data['id']	=	$authInfo['id'];
			$data['last_login_time']	=	$time;
			$data['login_count']	=	array('exp','login_count+1');
			$data['last_login_ip']	=	$ip;
			$User->save($data);

			// 缓存访问权限
			RBAC::saveAccessList();
			$this->success('登录成功！');

		}
	}
	// 更换密码
	public function changePwd()
	{
		$this->checkUser();
		//对表单提交处理进行处理或者增加非表单数据
		if(md5($_POST['verify'])	!= $_SESSION['verify']) {
			$this->error('验证码错误！');
		}
		$map	=	array();
		$map['password']= pwdHash($_POST['oldpassword']);
		if(isset($_POST['account'])) {
			$map['user_name']	 =	 $_POST['user_name'];
		}elseif(isset($_SESSION[C('USER_AUTH_KEY')])) {
			$map['id']		=	$_SESSION[C('USER_AUTH_KEY')];
		}
		//检查用户
		$User    =   M("User");
		if(!$User->where($map)->field('id')->find()) {
		$this->error('旧密码不符或者用户名错误！');
		}else {
		$User->password	=	pwdHash($_POST['password']);
		$User->save();
		$this->success('密码修改成功！');
		}
	}

	
}